<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Customizing the Access Denied Error Message in the Okta Sign-In Widget

Administration
Okta Identity Engine

Overview

Customizing the default Access Denied error message in the Okta Sign-In Widget provides tailored feedback when Okta denies a user access to an application. Modifying the access denied error message settings in the Admin Console applies the custom text and optional help links to the widget.

Applies To

  • Okta Identity Engine (OIE)
  • Sign-In Widget
  • Customization

Solution

How is the access denied error message customized in the Okta Sign-In Widget?

Navigate to the Customizations menu in the Admin Console to configure the access denied error message text and test the new prompt using an application Embed Link URL.

  1. In the Admin Console, go to Customizations > Other.
  2. In the Access denied error message section, select Edit.
  3. Select Use a custom error.
  4. Enter the desired custom error message in the provided field. Optionally, add a help link with custom text and a URL.
    Configure the custom error message and the optional help link URL within the provided text fields.
    custom error message
  5. Select Save.
  6. Test the customization by attempting an action that triggers an access denied scenario, such as failing an authentication policy rule using the application Embed Link URL or the Service Provider (SP)-initiated login flow.
    The Okta Sign-In Widget displays the newly configured custom access denied error message to the user during a failed authentication attempt.
    Sign in screen

NOTE: Okta Classic Engine does not support redirecting unassigned users by configuring a custom error page URL for custom OpenID Connect (OIDC) applications. Okta primarily intends this redirect feature for Okta Integration Network (OIN) applications and does not apply it to custom OIDC applications. As a result, users denied access to a custom OIDC application due to sign-on policy restrictions see the default error message, and Okta does not trigger the custom redirect URL.

Related References

Loading
Okta Support - Customizing the Access Denied Error Message in the Okta Sign-In Widget